Hub 2017.4 Help

Keymap:

Set Up SSL Keys for SAML 2.0

To use Hub as the Identity Provider with SAML, you must encrypt the connection between Hub and a Service Provider. You need to generate an SSL key and a certificate, pack them in a PKCS12 format file, and upload it to Hub.

There are several tools that let you create SSL keys and certificates in PKCS12 format. We describe how to create SSL key with theOpenSSL toolkit.

Result: You have a PKCS12 key store (Hub_SAML.p12 in the example) that is ready for upload to Hub.

Please keep the generated SSL key and the certificate. Some service providers require their actual content for SAML configuration.

Upload and Set up the PKCS12 Key Store in Hub

In the Server Settings section of the Administration menu, select SSL Key Stores.

Click the Import Key Store button.

In the sidebar, select the created .p12 key file, provide the password, and upload the key store to Hub.

In the Access Management section of the Administration menu, select SAML 2.0.

Select the key store in the SSL Key drop-down list on the Settings tab.

Hub encrypts the connection with SAML Service Providers using the selected SSL Key. Hub also extracts and displays the SHA-256, SHA-1, and MD-5 Fingerprints of the certificate that is packed into the selected key store.

A service provider may require any of these fingerprints to enable and configure SAML2.0 on its side.